Feb. 26, 2014
|

Student union building clock tower at Indiana University / File photo

by Stephanie Wang, Indy Star

by Stephanie Wang, Indy Star

About 146,000 Indiana University students and graduates may have had their personal data exposed in a secu­rity hole reported Tuesday.

The names, addresses and Social ­Security numbers of students and ­recent graduates at seven IU cam­puses who attended from 2011 to 2014 were stored for nearly a year on a site unprotected by security authentication, an IU news release said.

A staff member in the university registrar's office discovered the security lapse last week. The site was locked down, and the data were moved to a secure location the next day, the release said.

The university found three automated computer data mining applications - known as "webcrawlers" - had accessed and downloaded the data files, the release said.

The university said the files had safeguards in place to mask the data.

IU "has no evidence that the files have been viewed or used for inappropriate or illegal purposes," the release said.

The issue was inadvertently caused by a change in security protections in March 2013, according to the release.

The university will notify students affected by the data exposure this week and will set up a call center at (866) 254-1484 by Friday to handle questions.

The university said it will supply the names and Social Security numbers of students affected to the three major credit-reporting agencies to assist with credit monitoring. The school also has reported the incident to the Indiana attorney general.